From eac46d0da05dd435bd1d0829121a771e7115e1e0 Mon Sep 17 00:00:00 2001 From: Hugo Sampaio Date: Mon, 10 Feb 2025 10:31:03 -0300 Subject: [PATCH] fix conflitct --- ajax.php | 176 ++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 167 insertions(+), 9 deletions(-) diff --git a/ajax.php b/ajax.php index 9e13c3a0..e8d81564 100644 --- a/ajax.php +++ b/ajax.php @@ -15,6 +15,7 @@ require_once "plugins/totp/totp.php"; * Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key) */ if (isset($_GET['certificate_fetch_parse_json_details'])) { + enforceUserPermission('module_support'); // PHP doesn't appreciate attempting SSL sockets to non-existent domains if (empty($_GET['domain'])) { @@ -43,7 +44,7 @@ if (isset($_GET['certificate_fetch_parse_json_details'])) { * Looks up info for a given certificate ID from the database, used to dynamically populate modal fields */ if (isset($_GET['certificate_get_json_details'])) { - validateTechRole(); + enforceUserPermission('module_support'); $certificate_id = intval($_GET['certificate_id']); $client_id = intval($_GET['client_id']); @@ -109,7 +110,7 @@ if (isset($_GET['domain_get_json_details'])) { * Looks up info on the ticket number provided, used to populate the ticket merge modal */ if (isset($_GET['merge_ticket_get_json_details'])) { - validateTechRole(); + enforceUserPermission('module_support'); $merge_into_ticket_number = intval($_GET['merge_into_ticket_number']); @@ -134,7 +135,7 @@ if (isset($_GET['merge_ticket_get_json_details'])) { * Looks up info for a given network ID from the database, used to dynamically populate modal fields */ if (isset($_GET['network_get_json_details'])) { - validateTechRole(); + enforceUserPermission('module_support'); $network_id = intval($_GET['network_id']); $client_id = intval($_GET['client_id']); 
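Review bot: The `@@ -109,7 +110,7 @@` hunk header shows that the `domain_get_json_details` handler sits between the lookup endpoints being switched from `validateTechRole()` to `enforceUserPermission('module_support')`, yet no hunk in this patch touches that handler. If it still calls `validateTechRole()` or has no gate at all, it should receive the same `enforceUserPermission('module_support');` line so the file's read endpoints are authorised consistently; I cannot see its body from these hunks, so this needs confirming in the full file. The same swap is made in the `certificate_get_json_details`, `merge_ticket_get_json_details` and `network_get_json_details` hunks here and in the later `recurring_ticket_get_json_details` and `get_totp_token_via_id` hunks, all of whose handler bodies continue outside the hunks.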
@@ -159,6 +160,8 @@ if (isset($_GET['network_get_json_details'])) { } if (isset($_POST['client_set_notes'])) { + enforceUserPermission('module_client', 2); + $client_id = intval($_POST['client_id']); $notes = sanitizeInput($_POST['notes']); @@ -171,6 +174,8 @@ if (isset($_POST['client_set_notes'])) { } if (isset($_POST['contact_set_notes'])) { + enforceUserPermission('module_client', 2); + $contact_id = intval($_POST['contact_id']); $notes = sanitizeInput($_POST['notes']); @@ -191,6 +196,8 @@ if (isset($_POST['contact_set_notes'])) { } if (isset($_POST['asset_set_notes'])) { + enforceUserPermission('module_support', 2); + $asset_id = intval($_POST['asset_id']); $notes = sanitizeInput($_POST['notes']); @@ -211,7 +218,7 @@ if (isset($_POST['asset_set_notes'])) { } /* - * Collision Detection/Avoidance + * Ticketing Collision Detection/Avoidance * Called upon loading a ticket, and every 2 mins thereafter * Is used in conjunction with ticket_query_views to show who is currently viewing a ticket */ @@ -222,7 +229,7 @@ if (isset($_GET['ticket_add_view'])) { } /* - * Collision Detection/Avoidance + * Ticketing Collision Detection/Avoidance * Returns formatted text of the agents currently viewing a ticket * Called upon loading a ticket, and every 2 mins thereafter */ @@ -255,7 +262,7 @@ if (isset($_GET['ticket_query_views'])) { * Generates public/guest links for sharing logins/docs */ if (isset($_GET['share_generate_link'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $item_encrypted_username = ''; // Default empty $item_encrypted_credential = ''; // Default empty 
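Review bot: The second argument `2` in `enforceUserPermission('module_client', 2);` added to the `client_set_notes` hunk is an unexplained magic number, and the same bare `2` appears in the `contact_set_notes`, `asset_set_notes` and `share_generate_link` hunks and in the later kanban handlers. A reader cannot tell from the call site what level 2 grants or why note-setting needs it while the lookups above pass no level; a one-line comment at the first use stating what the level means, or a named constant if the project defines one, would make the gating self-explanatory. Each of these handler bodies continues outside its hunk.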
@@ -375,7 +382,7 @@ if (isset($_GET['share_generate_link'])) { * Looks up info for a given recurring (was scheduled) ticket ID from the database, used to dynamically populate modal edit fields */ if (isset($_GET['recurring_ticket_get_json_details'])) { - validateTechRole(); + enforceUserPermission('module_support'); $client_id = intval($_GET['client_id']); $ticket_id = intval($_GET['ticket_id']); @@ -426,6 +433,8 @@ if (isset($_GET['recurring_ticket_get_json_details'])) { * Looks up info for a given quote ID from the database, used to dynamically populate modal fields */ if (isset($_GET['quote_get_json_details'])) { + enforceUserPermission('module_sales'); + $quote_id = intval($_GET['quote_id']); // Get quote details @@ -462,6 +471,7 @@ if (isset($_GET['quote_get_json_details'])) { * Returns sorted list of active clients */ if (isset($_GET['get_active_clients'])) { + enforceUserPermission('module_client'); $client_sql = mysqli_query( $mysqli, @@ -481,6 +491,8 @@ if (isset($_GET['get_active_clients'])) { * Returns ordered list of active contacts for a specified client */ if (isset($_GET['get_client_contacts'])) { + enforceUserPermission('module_client'); + $client_id = intval($_GET['client_id']); $contact_sql = mysqli_query( @@ -502,7 +514,7 @@ if (isset($_GET['get_client_contacts'])) { * When provided with a login ID, checks permissions and returns the 6-digit code */ if (isset($_GET['get_totp_token_via_id'])) { - validateTechRole(); + enforceUserPermission('module_credential'); $login_id = intval($_GET['login_id']); 
@@ -530,6 +542,152 @@ if (isset($_GET['get_readable_pass'])) { echo json_encode(GenerateReadablePassword(4)); } +/* + * ITFlow - POST request handler for client tickets + */ +if (isset($_POST['update_kanban_status_position'])) { + // Update multiple ticket status kanban orders + enforceUserPermission('module_support', 2); + + $positions = $_POST['positions']; + + foreach ($positions as $position) { + $status_id = intval($position['status_id']); + $kanban = intval($position['status_kanban']); + + mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_order = $kanban WHERE ticket_status_id = $status_id"); + } + + // return a response + echo json_encode(['status' => 'success']); + exit; +} + +if (isset($_POST['update_kanban_ticket'])) { + // Update ticket kanban order and status + enforceUserPermission('module_support', 2); + + // all tickets on the column + $positions = $_POST['positions']; + + foreach ($positions as $position) { + $ticket_id = intval($position['ticket_id']); + $kanban = intval($position['ticket_order']); // ticket kanban position + $status = intval($position['ticket_status']); // ticket statuses + $oldStatus = intval($position['ticket_oldStatus']); // ticket old status if moved + + $statuses['Closed'] = 5; + $statuses['Resolved'] = 4; + + // Continue if status is null / Closed + if ($status === null || $status === $statuses['Closed']) { + continue; + } + + + if ($oldStatus === false) { + // if ticket was not moved, just uptdate the order on kanban + mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban WHERE ticket_id = $ticket_id"); + customAction('ticket_update', $ticket_id); + } else { + // If the ticket was moved from a resolved status to another status, we need to update ticket_resolved_at + if ($oldStatus === $statuses['Resolved']) { + mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban, ticket_status = $status, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id"); + customAction('ticket_update', 
$ticket_id); + } elseif ($status === $statuses['Resolved']) { + // If the ticket was moved to a resolved status, we need to update ticket_resolved_at + mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban, ticket_status = $status, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); + customAction('ticket_update', $ticket_id); + + // Client notification email + if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) { + + // Get details + $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE ticket_id = $ticket_id + "); + $row = mysqli_fetch_array($ticket_sql); + + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $client_id = intval($row['ticket_client_id']); + $ticket_assigned_to = intval($row['ticket_assigned_to']); + $ticket_status = sanitizeInput($row['ticket_status_name']); + $url_key = sanitizeInput($row['ticket_url_key']); + + // Sanitize Config vars from get_settings.php + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_base_url = sanitizeInput($config_base_url); + + // Get Company Info + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_array($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'])); + + // 
EMAIL + $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding $ticket_subject has been marked as solved and is pending closure.

If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or re-open to let us know!

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + // Check email valid + if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { + + $data = []; + + // Email Ticket Contact + // Queue Mail + + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body + ]; + } + + // Also Email all the watchers + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; + while ($row = mysqli_fetch_array($sql_watchers)) { + $watcher_email = sanitizeInput($row['watcher_email']); + + // Queue Mail + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => $subject, + 'body' => $body + ]; + } + addToMailQueue($data); + } + //End Mail IF + + } else { + // If the ticket was moved from any status to another status + mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban, ticket_status = $status WHERE ticket_id = $ticket_id"); + customAction('ticket_update', $ticket_id); + } + } + + } + + // return a response + echo json_encode(['status' => 'success','payload' => $positions]); + exit; +} + if (isset($_POST['update_ticket_tasks_order'])) { // Update multiple ticket tasks order enforceUserPermission('module_support', 2); @@ -537,7 +695,7 @@ if (isset($_POST['update_ticket_tasks_order'])) { $positions = $_POST['positions']; $ticket_id = intval($_POST['ticket_id']); - foreach ($positions as $position) { + foreach ($positions as $position) { $id = intval($position['id']); $order = intval($position['order']);
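Review bot: In the `update_kanban_ticket` handler the checks `$status === null` and `$oldStatus === false` can never be true because `intval()` always returns an int, so the "ticket was not moved" branch is dead and a position that omits `ticket_oldStatus` is treated as a move from status 0; test presence before converting, e.g. `$oldStatus = isset($position['ticket_oldStatus']) ? intval($position['ticket_oldStatus']) : false;` and likewise for `$status`. Both new kanban handlers hand `$_POST['positions']` straight to `foreach` and index each `$position` without checking that either is an array, so a malformed body produces PHP warnings instead of a clean rejection; an `if (!is_array($positions)) { exit; }` style guard after the permission check would close that. In the resolved branch `$data` is only initialised inside the `filter_var()` block, so for an invalid contact address with no watchers `addToMailQueue($data)` receives an undefined variable; move `$data = [];` above the email check. `'payload' => $positions` reflects the raw request body back to the caller, which is unnecessary and keeps unvalidated input in the response; return only the status or the `intval()`'d ids and orders. The header comment `ITFlow - POST request handler for client tickets` does not describe the status-order code beneath it, `uptdate` is a typo, and the `$statuses` map with hard-coded ids 4 and 5 is rebuilt every iteration and would read better as a commented constant above the loop.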